[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Fwd: Xen-4.1.6.1 backport for XSA156



On 20.11.2015 16:59, Jan Beulich wrote:
>>>> On 20.11.15 at 16:03, <stefan.bader@xxxxxxxxxxxxx> wrote:
>> I am currently trying to backport the changes of XSA156 back to Xen-4.1.x 
>> and I
>> am struggling with the VMX side. I did see the backports made for 4.2 and 
>> 3.4 on
>> the security mailing list but I am not sure the 3.4 backport is not having 
>> the
>> same issues (or similar ones).
>>
>> Trying to write down my understanding of the changes: For the 3.4 backport 
>> there
>> are only changes to the toggles for debugging and the general trap mask. So 
>> if I
>> understand this right, before the change, TRAP_debug and TRAP_int3 were only
>> handled in vmexit when a debugger was attached to the domain. Now, only
>> TRAP_int3 will be toggled and TRAP_debug is always handled.
> 
> I've never looked at that 3.4 backport, but not changing the VMEXIT
> handling certainly sounds wrong. I'll attach what I have done for 4.1.
> Please report back any problems you encounter.

If I am not missing any detail your 4.1 patch looks exactly the same as the
version I ended up with (basically dropping some trace).
Have you tested the resulting HV on an Intel/VMX box and tried to use ptrace
inside the HVM guest?

This is where my problems come from. Or potentially your vmx_inject_hw_exception
has been modified since stable-4.1.6.1?

-Stefan
> 
> Jan
> 


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.